Andrew Walker [Thu, 24 Sep 2020 20:57:59 +0000 (16:57 -0400)]
vfs_zfsacl: add zfs configuration guidance to manpage
Provide minimal background information on recommended ZFS settings
for a samba share.
Signed-off-by: Andrew Walker <awalker@ixsystems.com> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 15 20:27:34 UTC 2020 on sn-devel-184
Andrew Walker [Thu, 24 Sep 2020 20:04:12 +0000 (16:04 -0400)]
vfs_zfsacl: only grant DELETE_CHILD if ACL tag is special
When ZFS aclmode is set to "passthrough" chmod(2)/fchmod(2) will result
in special entries being modified in a way such that delete, delete_child,
write_named_attr, write_attribute are stripped from the returned ACL entry,
and the kernel / ZFS treats this as having rights equivalent to the desired
POSIX mode. Historically, samba has added delete_child to the NFSv4 ACL, but
this is only really called for in the case of special entries in this
particular circumstance.
Alter circumstances in which delete_child is granted so that it only
is added to special entries. This preserves the intend post-chmod behavior,
but avoids unnecessarily increasing permissions in cases where it's not
intended. Further modification of this behavior may be required so that
we grant a general read or general write permissions set in case of
POSIX read / POSIX write on special entries.
Pair-Programmed-With: Andrew Walker <awalker@ixsystems.com> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Andrew Walker <awalker@ixsystems.com> Reviewed-by: Jeremy Allison <jra@samba.org>
Pair-Programmed-With: Andrew Walker <awalker@ixsystems.com> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Andrew Walker <awalker@ixsystems.com> Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Walker [Thu, 24 Sep 2020 15:42:16 +0000 (11:42 -0400)]
vfs_zfsacl: Add new parameter to stop automatic addition of special entries
Prevent ZFS from automatically adding NFSv4 special entries (owner@, group@,
everyone@). ZFS will automatically add these these entries when calculating the
inherited ACL of new files if the ACL of the parent directory lacks an
inheriting special entry. This may result in user confusion and unexpected
change in permissions of files and directories as the inherited ACL is
generated. Blocking this behavior is achieved by setting an inheriting
everyone@ that grants no permissions and not adding the entry to the file's
Security Descriptor.
This change also updates behavior so that the fd-based syscall facl() is
used where possible.
Pair-Programmed-With: Andrew Walker <awalker@ixsystems.com> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Andrew Walker <awalker@ixsystems.com> Reviewed-by: Jeremy Allison <jra@samba.org>
s3:ctdbd_conn: simplify get_public_ips() / find_in_public_ips() API
These calls are used to check whether an IP address is static to the
host, or whether it could be migrated by ctdb.
Combine the calls into a simple ctdbd_public_ip_foreach(cb) function,
which avoids the need to expose struct ctdb_public_ip_list_old.
Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 14 12:29:56 UTC 2020 on sn-devel-184
Jones Syue [Mon, 28 Sep 2020 01:10:03 +0000 (09:10 +0800)]
interface: fix if_index is not parsed correctly
Replace probed_ifaces[i] with ifs.
In SDC 2020 SMB3 Virtual IO Lab,
run Windows Protocol Test Suite to test FileServer multichannel test cases.
Samba server has 2 virtual interfaces for VPN connection:
> name=tun2001, ip/mask=192.168.144.9/22
> name=tun2002, ip/mask=192.168.144.10/22
test suite client can ping these 2 ip addresses and browse shares.
Then client try to use IOCTL FSCTL_QUERY_NETWORK_INTERFACE_INFO to get the
virtual ip addresses of samba server, but samba server responded it
without the virtual ip addresses. My VPN setup is point-to-point and the
virtual interfaces 'tun2001' & 'tun2002' are without flag IFF_BROADCAST.
So edit smb.conf and add
"interfaces = ${virtual_ip}/${mask_length};if_index=${id}", like this:
> interfaces = eth4 eth8 eth11 eth10 qvs0 "192.168.144.9/22;if_index=50" "192.168.144.10/22;if_index=51"
then samba server IOCTL response could return the virtual ip addresses,
but found a issue:
the interface index of virtual ip addresses is always 4294967295
(0xFFFFFFFF, -1).
Quote Metze: https://gitlab.com/samba-team/devel/samba/-/commit/6cadb55d975a6348a417caed8b3258f5be2acba4#note_419181789
This looks good, I think that also explains
the possible memory corruption/crash I mentioned in the bug report.
As 'i' is most likely the same as 'total_probed' and
probed_ifaces[i] is not valid, so we overwrite unrelated memory.
Later I see 'realloc(): invalid pointer' and this backtrace:
BACKTRACE:
#0 log_stack_trace + 0x29 [ip=0x7f2f1b6fffa9] [sp=0x7ffcd0ab53e0]
#1 smb_panic + 0x11 [ip=0x7f2f1b700301] [sp=0x7ffcd0ab5d10]
#2 sig_fault + 0x54 [ip=0x7f2f1b7004f4] [sp=0x7ffcd0ab5e20]
#3 funlockfile + 0x50 [ip=0x7f2f17ce6dd0] [sp=0x7ffcd0ab5ec0]
#4 gsignal + 0x10f [ip=0x7f2f1794970f] [sp=0x7ffcd0ab6b90]
#5 abort + 0x127 [ip=0x7f2f17933b25] [sp=0x7ffcd0ab6cb0]
#6 __libc_message + 0x297 [ip=0x7f2f1798c897] [sp=0x7ffcd0ab6de0]
#7 malloc_printerr + 0x1c [ip=0x7f2f17992fdc] [sp=0x7ffcd0ab6ef0]
#8 realloc + 0x23a [ip=0x7f2f17997f6a] [sp=0x7ffcd0ab6f00]
#9 _talloc_realloc + 0xee [ip=0x7f2f1a365d2e] [sp=0x7ffcd0ab6f50]
#10 messaging_filtered_read_send + 0x18c [ip=0x7f2f1a10f54c] [sp=0x7ffcd0ab6fb0]
#11 messaging_read_send + 0x55 [ip=0x7f2f1a10f705] [sp=0x7ffcd0ab7000]
#12 smb2srv_session_table_init + 0x83 [ip=0x7f2f1b3a6cd3] [sp=0x7ffcd0ab7040]
#13 smbXsrv_connection_init_tables + 0x2d [ip=0x7f2f1b373f4d] [sp=0x7ffcd0ab7060]
#14 smbd_smb2_request_process_negprot + 0x827 [ip=0x7f2f1b38cb47] [sp=0x7ffcd0ab7080]
#15 smbd_smb2_request_dispatch + 0x19db [ip=0x7f2f1b38921b] [sp=0x7ffcd0ab71d0]
#16 smbd_smb2_process_negprot + 0x298 [ip=0x7f2f1b38bb38] [sp=0x7ffcd0ab7260]
#17 process_smb + 0x2ca [ip=0x7f2f1b37537a] [sp=0x7ffcd0ab72b0]
#18 smbd_server_connection_read_handler + 0xd0 [ip=0x7f2f1b376420] [sp=0x7ffcd0ab7350]
Anoop C S [Mon, 12 Oct 2020 11:25:40 +0000 (16:55 +0530)]
vfs_shadow_copy2: Avoid closing snapsdir twice
As per man page for closedir(3):
. . .
The closedir() function closes the directory stream associated with
dirp. A successful call to closedir() also closes the underlying file
descriptor associated with dirp.
. . .
Therefore we don't have to attempt an additional close of file
descriptor after closedir().
Signed-off-by: Jeremy Allison <jra@samba.org> Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Oct 14 10:08:24 UTC 2020 on sn-devel-184
s3:lib: Move interface prototypes to own header file
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 9 20:36:13 UTC 2020 on sn-devel-184
Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 8 17:52:46 UTC 2020 on sn-devel-184
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Oct 8 16:29:27 UTC 2020 on sn-devel-184
Jeremy Allison [Mon, 5 Oct 2020 19:07:18 +0000 (12:07 -0700)]
s3: smbd: Add a 'const char *src_orginal_lcomp' (last component) parameter to rename_internals().
Not yet used. Passing as NULL means explicitly no wildcards
in the source name. There's only one place where we have to handle
wildcards here and that is from SMB1 reply_mv().
Could have used a bool here as in unlink_internals() but
using a string here makes the parameters more symmetrical
around src and destination values.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 5 Oct 2020 18:27:30 +0000 (11:27 -0700)]
s3: smbd: SMB1 reply_copy. Check untouched last component for wildcards in src and dst.
Not doing a test for this as wildcard SMB1copy() is evil and
should be removed. It's the same fix I'm doing for unlink
and rename, so this shouldn't be an issue.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 6 23:06:50 UTC 2020 on sn-devel-184
Martin Schwenke [Wed, 30 Sep 2020 00:48:38 +0000 (10:48 +1000)]
ctdb-tests: Strengthen node state checking in ctdb disable/enable test
Check that the desired state is set on all nodes instead of just the
test node. This ensures that node flags have correctly propagated
across the cluster.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14513 Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Oct 6 04:32:06 UTC 2020 on sn-devel-184
Martin Schwenke [Tue, 16 Jan 2018 04:15:51 +0000 (15:15 +1100)]
ctdb-recoverd: Drop unnecessary and broken code
update_flags() has already updated the recovery master's canonical
node map, based on the flags from each remote node, and pushed out
these flags to all nodes.
If i == j then the node map has already been updated from this remote
node's flags, so simply drop this case.
Although update_flags() has updated flags for all nodes, it did not
update each node map in remote_nodemaps[] to reflect this. This means
that remote_nodemaps[] may contain inconsistent flags for some nodes
so it should not be used to check consistency when i != j.
Further, a meaningful difference in flags can only really occur if
update_flags() failed. In that case this code is never reached.
These observations combine to imply that this whole loop should be
dropped.
This leaves potential sub-second inconsistencies due to out-of-band
healthy/unhealthy flag changes pushed via CTDB_SRVID_PUSH_NODE_FLAGS.
These updates could be dropped (takeover run asks each node for
available IPs rather than making centralised decisions based on node
flags) but for now they will be fixed in the next iteration of
main_loop().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14513 Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
4.2.3 went out of support, so update the header file to the oldest
currently supported GPFS version. Going forward, this will allow usage
of newer API calls.
Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Mon Oct 5 20:06:04 UTC 2020 on sn-devel-184
Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Oct 5 12:38:34 UTC 2020 on sn-devel-184
libcli: Use GUID_to_ndr_buf() in smb2cli_validate_negotiate_info_send()
Avoid a talloc/free
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 2 22:50:43 UTC 2020 on sn-devel-184
Ralph Boehme [Fri, 2 Oct 2020 15:29:58 +0000 (17:29 +0200)]
vfs: remove dirfsp arg from SMB_VFS_CREATE_FILE()
This was supposed to be a shortcut to avoid passing dirfsp around as an explicit
function argument throughout the whole codebase when the new VFS design idea was
based on using *AT functions throughout the VFS.
Now that we've opted for basing the VFS on handles and *AT functions will only
be used in a much more limitted extent, it makes sense to remove this internal
dirfsp reference, otherwise the combination of internal fsp->dirfsp and
smb_fname->fsp is going to be a tough to wrap your head around.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 2 21:00:05 UTC 2020 on sn-devel-184
Ralph Boehme [Fri, 2 Oct 2020 14:51:16 +0000 (16:51 +0200)]
smbd: remove fsp->dirfsp
This was supposed to be a shortcut to avoid passing dirfsp around as an explicit
function argument throughout the whole codebase when the new VFS design idea was
based on using *AT functions throughout the VFS.
Now that we've opted for basing the VFS on handles and *AT functions will only
be used in a much more limitted extent, it makes sense to remove this internal
dirfsp reference, otherwise the combination of internal fsp->dirfsp and
smb_fname->fsp is going to be a tough to wrap your head around.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 2 Oct 2020 14:41:27 +0000 (16:41 +0200)]
smbd: remove dirfsp arg from create_file_unixpath()
Prepares for removing the dirfsp arg from SMB_VFS_CREATE_FILE() again. In the
future dirfsp has to opened as needed within create_file_unixpath() and below.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 16 Sep 2020 13:40:36 +0000 (15:40 +0200)]
s4/torture: use unique filename for torture_samba3_hide() test
The filename "test.txt" is also used by other tests and without O_PATH the file
can't be removed at the end of this tests: open_smb_fname_fsp() fails with
ACCESS_DENIED because the POSIX mode of the file is 0000 and become_root() used
in the #ifndef O_PATH fallback case doesn't work in CI.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Fri, 11 Sep 2020 20:29:46 +0000 (14:29 -0600)]
python2 reduction: Merge remaining compat code into common
The remaining compat code (get_string, get_bytes,
cmp) are useful helper routines which we should
simply merge into common (especially since there
is some duplication here).
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Fri Oct 2 14:49:36 UTC 2020 on sn-devel-184
Move of strcasecmp redefine to lib/util/safe_string.h in
https://gitlab.com/samba-team/samba/-/merge_requests/1507 broke build on
Fedora 33 with GCC 10.2.1 for those compilation units that use
ldb_att_cmp().
The reason for that is that ldb_attr_cmp() defined as
#define ldb_attr_cmp(a, b) strcasecmp(a, b)
because attribute names restricted to be ASCII by RFC2251 (LDAPv3 spec).
A solution is to add
#undef strcasecmp
to all source code files which use ldb_attr_cmp().
Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 1 22:45:29 UTC 2020 on sn-devel-184
Jule Anger [Thu, 27 Aug 2020 07:20:11 +0000 (09:20 +0200)]
samba-tool tests: rename 'contact create' to 'contact add'
Signed-off-by: Jule Anger <ja@sernet.de> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Oct 1 02:44:09 UTC 2020 on sn-devel-184
projects / thirdparty / samba.git / log
